This ransomware is notable mostly because it’s trying really hard to avoid detection, harder than most ransomware do. For more information on the ransomware itself, first specialized articles detail its advanced obfuscation level. Here is an update on the behaviour of Stormshield Endpoint Security and Stormshield Network Security.


Stormshield Endpoint Security – threat management

Interestingly enough, all found technical materials deal with one specific malicious binary, and the malware is not packed in any way.
Blocking the execution of the malware’s specific hash could then be efficient to block SNAKE, at least this specific version.

Hash: e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60

And as with all ransomware, one of the most effective ways to stop it is to use SES Application Control to allow only specific applications to access known file extensions. For example to prevent abnormal processes from accessing Microsoft Office documents, allow only Office applications to access Office documents.


Stormshield Network Security – threat management

Breach Fighter and SNS Premium Antivirus options both detect the binary described above.

In general, Breach Fighter option is also able to detect data encryption operations performed by ransomware, even when the binary hash is not known yet.

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
Need help configuring your Stormshield products? Take a look at the Stormshield Technical Documentation site.
About the author
Julien Paffumi Product Portfolio Manager, Stormshield

Julien Paffumi began his career as a Quality Engineer in Arkoon's R&D department. He then went on to train administrators directly, acquiring extensive knowledge of their needs - invaluable experience for his next role as Product Manager of Arkoon Fast360 firewalls, then of the Stormshield Management Center centralized administration console. As Product Portfolio Manager, he now has a cross-functional role that enables him to feed his eternal curiosity with a more global approach to Stormshield solutions.